CVE-2020-2499
6.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
Summary
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| QNAP Systems Inc. | QES | unspecified < 2.1.1 | affected |
Weaknesses
- CWE-259: CWE-259 Use of Hard-coded Password
- CWE-798: CWE-798 Use of Hard-coded Credentials
- CWE-522: CWE-522 Insufficiently Protected Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.